Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Reflected Cross Site Scripting(XSS)-index.php #12
Environment installed from verydows-master
In page localhost/index.php?c=main&a=index, the Get function can change the function used in PHP, the user/attacker can modify the parament and add the script which will be shown without filtering. They can use the script to steal the cookie or some things worse
Payload used: <script>alert(document.cookie)</script>
Navigate to the Affected URL, Payload would be triggered.
Payload used -